package com;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

import com.service.SecurityInterceptor;

 @Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
	 @Autowired
	  private SecurityInterceptor securityInterceptor;
	 
	 @Override
	  protected void configure(HttpSecurity http) throws Exception {
	      http
	          .authorizeRequests() 
	              .antMatchers("/", "/otherPages/").permitAll()    //定义无需认证的url
	              .anyRequest().authenticated()
	              .and()
	          .formLogin()
	              .loginPage("/login")  //定义需要认证时，跳转到的登录页面
	              .permitAll()
	              .and()
	          .logout()
	              .permitAll();
	      http.csrf().disable();
	      http.addFilterBefore(securityInterceptor, FilterSecurityInterceptor.class);
	  }

	public SecurityInterceptor getSecurityInterceptor() {
		return securityInterceptor;
	}

	public void setSecurityInterceptor(SecurityInterceptor securityInterceptor) {
		this.securityInterceptor = securityInterceptor;
	}	   
	 
 }